# OpenVAS Security Scanner, Slackware default configuration file
#
# Empty lines and those starting with '#' are ignored.

# Directory where plug-ins are to be found
plugins_folder = /usr/lib/openvas/plugins

# E-mail address of the admin
email = root

# Maximum number of hosts
max_hosts = 255

# Number of plugins that will run against each host,
# i.e. simultaneous tests
# Total number of processes will be max_checks x max_hosts
max_checks = 15

# File used to log activity. Set it to 'syslog' if you want to use syslogd.
logfile = /var/log/openvas/openvasd.messages

# Log every detail of the attack in openvasd.messages
# If disabled only the beginning and end are logged, and
# not the time each plugin takes to execute
log_whole_attack = yes

# Log the name of the plugins that are loaded by the server
log_plugins_name_at_load = no

# Dump file for debugging output, use `-' for stdout
dumpfile = /var/lib/openvas/openvasd.dump

# File that contains rules database that apply to all users
rules = /etc/openvas/openvasd.rules

# Users database file
users = /etc/openvas/openvasd.users

# Path where it will find information for all users
per_user_base = /var/lib/openvas/users

# Cache folder
cache_folder = /var/cache/openvas

# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
cgi_path = /cgi-bin

# Optimize the test
optimize_test = yes

# Read timeout (in seconds) for the sockets of the tests
# Increase this value if running on a slow network link (dialup)
checks_read_timeout = 15

# Delay (in seconds) to pass for between two tests against the same port
# (to be inetd friendly)
delay_between_tests = 1

# Do not run simultaneous ports for these tests. Default value:
# non_simul_ports = 139, 445

# Remote file that the plugins will try to read:
test_file = /etc/passwd

# Range of the ports that nmap will scan
port_range = 1-15000

# Ping hosts before scanning them?
ping_hosts = yes

# Only test the IPs that can be reversely looked up?
reverse_lookup = no

# Host expansion:
# dns:  performs and AXFR on the remote name server
#       and test the host obtained
# nfs:  test hosts that have the right to mount the
#       filesystems exported by the remote host
# ip:   scan the entire subnet
host_expansion = dns;ip

subnet_class = C

# Use the MAC address as host identifier (useful in 
# local LANs with dynamic addresses, e.g. DHCP)
# use_mac_addr = yes

# Slice the network IPs into portions and rotate them
# between scanning each slice. Instead of the (default)
# behaviour of scanning a network incrementally.
# slice_network_addresses = yes

scan_level = normal
outside_firewall = no

# Enable plugins that are depended on
# auto_enable_dependencies = yes

# Enable safe checks (this overrides the client's configuration)
# safe_checks = yes

# Allow users to upload plugins to the server
# Note: This effectively gives administrative permissions
# to OpenVAS users and, when using local checks, could grant
# them execute permissions in remote systems, so use with care!
plugin_upload = no

# Filename suffixes that are allowed when uploading
# plugin_upload_suffixes = .nasl, .inc

# Language to use in plugins.
# Current valid options are 'english' and 'french'
language = english

# Public key client server encryption (crypto options)
peks_username = openvasd
peks_keylen = 1024
peks_keyfile = /etc/openvas/openvasd.private-keys
peks_usrkeys = /etc/openvas/openvasd.user-keys
peks_pwdfail = 5
track_iothreads = yes
cookie_logpipe = /etc/openvas/openvasd.logpipe
cookie_logpipe_suptmo = 2
# Define SSL version, use NONE to disable SSL
# ssl_version = 3
# Full path and filename of a trusted certificate authority
# see /usr/share/doc/openvas/README_SSL.gz
# trusted_ca = 

# SSL Ciphers to use
# The following removes all SSLv3 ciphers except RC4.
# This has been implemented to workaround an OpenSSL 0.9.8
# bug, for more information please read
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338006
# and
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343487
# ssl_cipher_list = SSLv2:-LOW:-EXPORT:RC4+RSA

# NASL scripts cryptographic checks of some plugins (trusted
# scripts). OpenVAS will refuse to load and execute trusted
# scripts that are not signed. Use extreme caution when
# setting this to 'yes'
#nasl_no_signature_check = no
nasl_no_signature_check = yes

# Uncomment the following for IO thread debugging
#track_iothreads = yes

# Set this to 'yes' if you want each child to be nice(2)d
# be_nice = yes

# End of /etc/openvas/openvasd.conf file.
#
# Added by openvas-mkcert
#
cert_file=/var/lib/openvas/CA/servercert.pem
key_file=/var/lib/openvas/private/CA/serverkey.pem
ca_file=/var/lib/openvas/CA/cacert.pem
# If you decide to protect your private key with a password, 
# uncomment and change next line
# pem_password=password
# If you want to force the use of a client certificate, uncomment next line
# force_pubkey_auth = yes
